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WHAT IS CLAIMED IS: 

1 . A firewall system for preventing non-requested packets 
coming from a public network from reaching network elements connected 

5 thereto, said firewall system comprising: 

a front-end server having internal and external interfaces; 
said front-end server external interface being attached to the public 
network; said front-end server being configured to drop non-requested 
incoming packets from the public network; said non-requested packets 
10 including signed packets and unsigned packets; and 

a back-end server having internal and external interfaces; 
said back-end internal interface being attached to the network elements 
and to said front end internal interface via said back-end external 
interface; said back-end server being so configured as to gather packets 
15 requested by the network elements from the public network, and signed 
packets from the front-end sender; said back-end server being configured 
so as to prevent leaks from the network elements. 

2. A firewall system as recited in claim 1. wherein at least 
20 one of said front-end and back-end servers is configured to implement IP 

filtering. 

3. A firewall system as recited in claim 2, wherein said 
front-end and back-end servers implement IP filtering according to the 

25 same rules. 
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4. A firewall system as recited In claim 1, wherein said 
back-end server is configured to capture at least one request from one 
of the network elements and to analyse said request for legitimacy before 
passing it to the public network. 

5 

5. A firewall system as recited in claim 1, wherein said 
back-end server is configured to detect a transfer of data from the 
network elements to the public network. 

10 6. A firewall system as recited in claim 1, wherein at least 

one of said back-end internal and external interfaces and front-end 
internal and external interfaces is in the form of an ethernet card. 

7. A firewall system as recited in claim 1, wherein said 
15 front-end server is configured with a first OS (Operating System) and said 

back-end server is configured with second OS, 

8. A firewall system as recited in claim 7. wherein said first 
and second OS are different. 

20 

9. A firewall system as recited in claim 1 , wherein said 
back-end server includes an application gateway. 

10. A firewall system as recited in claim 1, wherein said 
25 back-end server includes a proxy sen/ice. 
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11, A firewall system as recited in claim 1, wherein said 
front-end server is so configured as to provide NAT (Network Address 
Translation)- 

5 12, A firewall system as recited in claim 11, wherein said 

NAT is so implemented as to not allow DNS (Domain Name System) to 
pass. 

13. A firewall system as recited in claim 1, wherein said 
1 0 front-end server includes a third interface. 

14. A firewall system as recited in claim 13, further 
comprising at least one of a DNS server, a web server, an email server 
and a time server connected to said third interface of the front-end server 

15 and wherein said third interface is configured so as to provide a DMZ 
(DiMilitarized Zone) for said at least one of a DNS server, a web server, 
an email server and a time server. 

15. A firewall system as recited in claim 14, wherein said 
20 front-end sen/er is configured to examine request sent to one of said at 

least one of DNS, web, email and time servers for potentially malicious 
commands. 

16. A firewall system as recited in claim 13, further 
25 comprising a push mail server connected to said third interface of the 

front-end sender and wherein said third interface is configured so as to 
provide a DMZ for said push mail server. 
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17. A firewall system as recited in claim 16, further 
comprising an internal email server connected to said internal interface of 
said back-end server; wherein said back-end server is configured to 

5 transfer email from said push mail server to said internal email server; 
whereby no email is allowed to pass through said front-end server directly 
to said back-end server. 

18. A firewall system as recited in claim 16, wherein said 
10 push mail sen/er is being configured to verify email for malicious content. 

19. A firewall system as recited in claim 18, wherein said 
push mail server is configured to remove active content form emails. 

15 20, A firewall system as recited in claim 18, wherein said 

push mail server is configured to scan emails for viruses. 

21, A firewall system as recited in claim 17. further 
comprising an internal site firewall attached to said internal interface of 

20 said back-end server; said internal mail server being attached to said 
internal site firewall. 

22, A firewall system as recited in claim 21, further 
comprising a DNS server attached to said internal site firewall, 

25 

23, A firewall system as recited in claim 21, further 
comprising a web server attached to said internal site firewall, 
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24. A firewall system as recited in claim 1. wherein said 
front-end server is attached to the public network via a router. 



5 25. A firewall system as recited in claim 1, wherein said 

public netwo* is the Internet. 



